FRAMINGHAM, 29 SEPTEMBER 2010 - The threats and challenges you face haven't changed much in the past year, but you're finding a better recipe for protecting your corporate data and networks, according to our eighth annual Global Information Security Survey.
"There's a real sense of tension in this year's numbers; a sense that with the change in the economy there's been a resetting of expectations," said Mark Lobel, a principal in the advisory services division of PricewaterhouseCoopers, which conducted the study on behalf of CIO and CSO magazine, a sister publication.
Of the 12,847 business and technology executives surveyed worldwide, 67 percent place a priority on security procedures that help your organization minimize risk. But you realize you must make do with more targeted spending on technology and bring in outside security expertise to manage what your IT staff can't. Here's why:
You want to embrace cloud computing because it makes your IT operations leaner and less expensive. But your understanding of cloud security hasn't advanced much in the last year. You have to be cautious.
Your customers want to spend their money online and use more fancy apps to do it, and on mobile devices, too. So you have to guard against vulnerabilities attackers can exploit to steal your customers' private data and other core assets. What's more, government and industry regulations often require such protections. Meanwhile, increasingly complex business relationships are forcing you to give outsiders greater access to your internal systems. You need protection from an attack against a business partner that might spill over to your network.
The financial meltdown two years ago may have stalled some of your security initiatives, but 56 percent of you said increasing risks have elevated the role and importance of security at your company. There's no turning back from what you've started.
Caution in the Cloud
Sixty-two percent of you have little to no confidence in your ability to secure any assets that you put in the cloud. Even among the 49 percent of respondents who have ventured into cloud computing, more than a third (39 percent) have major qualms about security.
Asked what they think is the greatest risk to their cloud computing strategy, respondents said they were uncertain about their ability to enforce security policies at a provider site, and were concerned about inadequate training and IT auditing.
James Pu, CIO for the Los Angeles County Employees Retirement Association (Lacera), is among the skeptics. He says he loves the flexibility and agility cloud computing could provide, but he's wary of the inherent availability and security risks.
"As good as it is today, you don't have the same reliability as you have with a local-area network," says Pu, who does double duty as Lacera's information security officer. "I also worry about the third parties involved." Cloud vendors, he notes, use third parties to host data centers and hardware. And those hosts may hire people without doing necessary background screening. "When data goes into the cloud," Pu says, "all it takes is a software bug to accidentally reveal my data."